Daniel Hoffman, Former Senior CIA Officer
Shawnee Delaney, Former Detachment Chief for the Defense Intelligence Agency
Cipher Brief Expert Dan Hoffman is a former senior CIA Officer, three-time station chief and former senior government Clandestine Services officer. He is currently a national security analyst with Fox News. This column first appeared in FOX News Opinion on FoxNews.com.
Shawnee Delaney was a Clandestine Officer and former Detachment Chief for the Defense Intelligence Agency and IT Specialist for the Department of Homeland Security for 10 years. She is currently the CEO of Vaillance Group.
OPINION — For Russia today, past is prologue.
The KGB was the vanguard of the Soviet Union. The Cold War was all about cloak and dagger espionage. Russian president Vladimir Putin served in the KGB and later as Director of Russia’s ruthless FSB security police. It should therefore come as no surprise that he is directing full-throttled attacks on the U.S. in the unregulated, wide-open, man-made domain of cyberspace, which has become the backbone infrastructure of 21st century commerce and free expression.
The Kremlin permits criminal cyber hacking groups like DarkSide and REvil to homestead on its territory.
In April 2021, DarkSide launched a cyberattack on Colonial Pipeline, the largest gasoline pipeline in the U.S., which was forced to shut down its network for days. DarkSide hacked into the network using a compromised password, encrypted files to deny Colonial Pipeline administrators access, and extorted the company with a 5 million dollar bitcoin ransom payment to restore service.
REvil conducted a damaging cyberattack in May 2021 against JBS, the world’s largest meat processing company. REvil struck again in July with a supply chain ransomware attack on Kaseya, which led to the compromise of over 1000 companies.
Most recently, Russian Intelligence, well-known for hacking U.S. social media, the Democratic National Committee, and Secretary Clinton’s email server, penetrated SolarWinds operating systems and spread malware into its “Orion” security software, through which Russia gained a backdoor into SolarWinds’ 30,000 customers’ information technology systems, including major Fortune 500 companies. The Kremlin stole protected information from a panoply of private sector and U.S. government agencies.
During the Cold War, CIA officers devised a set of “Moscow Rules”, which referred to the sophisticated tradecraft they used behind enemy lines to conduct espionage against the Soviet evil empire.
Key to the Cold War Moscow Rules was seeing the world through the eyes of the enemy. In today’s world, that means understanding the strategy and tactics of the threat actors. The goal for today’s New Moscow Rules is to mitigate risk, while being able to enjoy all the commercial and other benefits of working and living in cyberspace.
First rule: Know the opposition and their terrain intimately. Just like the Intelligence Officers who ran surveillance detection routes in Moscow to determine whether they had a KGB tail, the best time to spot the hackers and other malicious actors is when they are in the pre-attack surveillance phase. Cyberattacks do not occur from a cold start without pre-planning and signatures. Proactively plugging into networks and chat rooms where attacks are being planned, as well as using cognitive computing to sift through the big data, enables collection on the enemy’s attack plans.
Rallying security, human resources, managers, and IT stakeholders to ensure as much information as possible is collected and shared on vulnerability and threat data results in the most effective countermeasures. Employees should have a secure channel for reporting social engineering and technical attacks.
Second rule: Do not rely solely on technology. Enterprises should harden their defenses by reducing vulnerable attack space with secure routers and servers; firewalls and sophisticated web codes; rigorous application of both patches and back-up protocols; and data encryption.
But humans, aka “the skin behind the keyboard,” beat technology every time. Despite having all the technical tools available, without training the workforce on cyber-hygiene best practices, enterprises will be vulnerable to attacks.
Enterprises should have a robust and transparent insider threat program to deal with cyber threats resulting from both unwitting employees who require training to counter hackers and malicious employees with ill intent.
Third rule: Always assume you are compromised (which means you have already been hacked). Enterprises should have a business continuity strategy and a data recovery plan, which includes functioning offline in the event of a catastrophic insider or external ransomware attack. These types of attacks require proactive planning.
Russia is by no means the only state actor ruthlessly attacking the U.S. in cyber-space. But the Kremlin’s ubiquitous hacking operations do rely on the most sophisticated and treacherous tradecraft.
Effective cyber security means recognizing when your behavior makes you vulnerable to attack and hardening all of your cyber defenses accordingly. Incorporating best practice New Moscow Rules is meant to defend against not only Russia but also adversaries like China, Iran, and North Korea, not to mention corporate rivals and criminal groups.